Sorry, I do not value($$$) your privacy. :^)

Bootstrapping signify for my assets

As you might know, I'm not a huge fan of OpenPGP so when I learned about OpenBSD's signify(1) I wanted to use it on doing my next software release, now is the time.

In a way similar to OpenBSD I'm going to rotate keys at least once every 6 months, I'll not probably not write blog articles on each rotation unless it nicely syncs with my status updates but I'll copy them into https://hacktivis.me/releases/signify/ and post them on the fediverse (like this) or any other place.

keys and their signatures

2019-10 is the first key present to have both key signed, actual assets will be using 2019-11 (the second key), first key being there only to show how the rotation is done.

2019-10.pub

untrusted comment: minisign public key C99CEA24AB65873
RWRzWLZKos6ZDNH4RrGKwA5/I4OUJtgR/CHZkn1Cac0Qxj9wTxH2WgIL

2019-10.pub.2019-11.sig

untrusted comment: signature from minisign secret key
RWQpg/ljPbQGXyNHZOdkuRmIw2GubkKwIsEeujcywnAa7iJjWkOxj7plCP09wr+wkJujpZMEJTEMUTxBimPEF3RXx43ITM9EhgQ=
trusted comment: timestamp:1572560484   file:2019-10.pub
Mn5xpXQjR2tK1pPe1MrzJTsfRTPM8clPwlEQFUHulHM6ZBGSZRVQBc8qcEOrV/omUjS5cbEfTBC/pzxeTs3EBQ==

2019-11.pub

untrusted comment: minisign public key 5F06B43D63F98329
RWQpg/ljPbQGX16QkJEETSdJ4taNNB7acmdkVEMW2waT5GeXwvn3emSR

2019-11.pub.2019-10.sig

untrusted comment: signature from minisign secret key
RWRzWLZKos6ZDHJvpCdCVNiQ2xVuYqJakRgTbMYAsn9BIdC7q+X/5TaHwAG3HvA9QThUnnZ936GMukMcj3hs9vhZtjPcJw8a6gM=
trusted comment: timestamp:1572560509   file:2019-11.pub
/T+4tPEtKIxut9tEOrJUQKRi25A/Vn7V64MntZpWxPiOzD9h5EvYc10cVp5dNzWYQ2Wp+iMFjZvKbwTe+kbSBQ==

Fediverse post for comments, published on 2019-10-31T23:08:00Z, last updated on 2019-10-31T23:08:00Z

article only(plain XHTML)